How would you know if Telnet server is running under NT 4 Server Sp-6a (Small Business Server 4.5 (IIS 4, Exchange 5.5 SP 3 (OWA (Outlook Web Access)), MS Proxy 2, SQL 7 (Nothing using it, not loaded, Arcserve 6.5.X SP2)? I don't recall seeing anything under Services. I am not at work so I cannot check.

Our E-mail is retrieved from the Outlook 2k client, not through the Exchange extension. Website is hosted externally. Our server runs IIS 4 for SBS tools, and our website, which has nothing just the default SBS page. With the proper URL, can access Exchange through the web browser, and 2 VPN ports. 2 users cannot access the server externally till they put passwords on their account. (There are only 4 of us. I am the only computer person there.)

Thank you,
Eric Vogel
-----------------------------------------------------------------------
Eric Vogel -- NTug Member -- ICQ# 1452761
- A professional is someone who can do his best work when he doesn't feel like it. -- Alistair Cooke
- Computer Talk Shop List Owner: http://www.questforcertification.com/cts
-----------------------------------------------------------------------

----- Original Message -----
From: "Lynn" <landerso@xxxxxxxxxx>
To: <computertalkshop@xxxxxxxxxxxxx>
Sent: Tuesday, January 30, 2001 7:56 PM
Subject: [CTS] Re: Linux?

>
> TS152@xxxxxxxxxxxxxxxxxxx wrote:
> >
> > Security-wise, what documentation is available on how to lock down redhat
> > linux 6.2 ... or any other linux distribution, for that matter? Let's say
> > I want to put my Linux server out on the internet, how can I protect it
> > from getting hacked?
> >
>
> Firstly, you mean cracked. Hackers do not break into servers, they play
> with computers. Hackers have enough of their own computers, they don't
> need to mess with yours. Most of the types that try to crack computers
> are crackers, phreakers, and skr1pt k1dd13z. These are lower forms of
> life than most of us, and usually very, very stupid.
> Occasionally, you'll hit a smart cracker, but most of the time they're
> dumb as a pole.
>
> Now, as for security. Securing a machine, ANY machine, is a BIG
> question. As a basic rule of thumb, monitor CERT, l0pht and the
> rootshell mailing lists for advisories. These are the lists that
> professional sysadmins monitor. The URLs:
>
> http://www.cert.org
> http://www.l0pht.com
> http://www.rootshell.com
>
> Buy Practical Unix Security published by O'Reilly (a rule of thumb that
> will save you many thousands of dollars: all O'Reilly books are worth
> buying. Most UNIX sysadmins don't even have to read the back of an
> O'Reilly book before buying it. They're all worth their weight in gold,
> and you'll never regret buying an O'Reilly book). That will give you a
> grounding in basic security measures. Install nmap, sniffit, and
> tripwire. Either have logs e-mailed to you daily or have them printed
> out by a dot-matrix printer attached to the server. nmap will tell you
> what ports you have open (it's probably a good idea to just completely
> shut down inetd). sniffit is a packet sniffer, it lets you watch what's
> going over the wire. tripwire creates a database of file permissions,
> dates, sizes and checksums. Store this database on read-only media,
> have tripwire run nightly. tripwire will send out alerts if any files
> or directories are changed on the server. Watch the system like a
> hawk. Especially watch for directories like ".. " and lrk4 or lrk5
> suddenly popping up. If they do, you have a skr1pt k1dd13.
>
> Shut down ALL unnecessary services. If you are only hosting a website,
> the maximum ports you should have open are ssh, http and ftp. Don't use
> WU-FTPD, it's bug-ridden. Use ProFTPD, have it lock ALL users uploading
> webpages in a chroot jail in their home directories. NEVER USE TELNET!
> Telnet is a MASSIVE security hole! DON'T USE TELNET! Use OpenSSH.
> OpenSSH goes through regular security audits of the source code.
> portmapper, the r commands are massive security holes.
>
> It's a personal decision as to whether or not you want to run sendmail
> for e-mail service. UNIX machines don't handle life without a mail
> server well. Either postfix or qmail are MUCH more secure. Sprint
> Canada's dialup service uses postfix for e-mail, Hotmail runs qmail.
> Just about everybody else, though, uses sendmail.
>
> It is very important to watch a machine. If you're ultra-paranoid,
> sniffit can be run to log the contents of all packets going over the
> wire. Log messages are critical for telling you what might be happening
> to the machine. For example, if you're port-scanned, the log will show
> null connections to just about every port on the machine. You'll
> probably want to nuke sudo.
>
> -------------------------------------------------------------------------------
> Computer Talk Shop
> To un-subscribe, http://questforcertification.com/cts/unsubscribe.htm
>
> List HowTo: http://questforcertification.com/cts/faq
>
> To join Computer Talk Shop's off topic list, please go to:
> http://questforcertification.com/cts/other_cts_lists.htm
> -------------------------------------------------------------------------------
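
Added example, not part of either message and not Tripwire's own code or database format: a minimal sketch of the check Lynn describes, a baseline of file permissions, dates, sizes and checksums compared against a later run, plus a scan for directory names like ".. ", lrk4 or lrk5. The function names and the in-memory baseline layout are assumptions of this example.

```python
import hashlib
import os
import stat

ROOTKIT_DIR_NAMES = {"lrk4", "lrk5"}  # the two names mentioned in the post


def snapshot(root):
    """Map each regular file under root to (mode, size, mtime, sha256)."""
    db = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            sha = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    sha.update(chunk)
            db[os.path.relpath(path, root)] = (
                stat.S_IMODE(st.st_mode), st.st_size, int(st.st_mtime), sha.hexdigest())
    return db


def compare(baseline, current):
    """Return sorted (change, path) pairs between two snapshots."""
    changes = [("removed", p) for p in baseline.keys() - current.keys()]
    changes += [("added", p) for p in current.keys() - baseline.keys()]
    changes += [("modified", p) for p in baseline.keys() & current.keys()
                if baseline[p] != current[p]]
    return sorted(changes)


def odd_directories(root):
    """Directories named like '.. ' (dots/whitespace only, trailing space) or lrk4/lrk5."""
    hits = []
    for dirpath, dirnames, _files in os.walk(root):
        for d in dirnames:
            if d.strip(". \t") == "" or d != d.rstrip() or d in ROOTKIT_DIR_NAMES:
                hits.append(os.path.relpath(os.path.join(dirpath, d), root))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print(len(snapshot(root)), "files recorded; odd directories:", odd_directories(root))
```

As the post says, the baseline is only trustworthy if it is kept where the monitored machine cannot rewrite it, such as read-only media, and compared on a schedule.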